Understanding all the security data that is collected by an organization to actually detect threats often involves the expertise of a trained security analyst. Unfortunately, security analysts are in short supply, which is where Kumar Saurabh, co-founder and CEO of LogicHub, sees an opportunity for his new company.
LogicHub officially emerged from stealth on Feb. 1 with $8.4 million in Series A funding from Storm Ventures and Nexus Venture Partners. The core technology provided by LogicHub is a security intelligence automation platform that offers the promise of improving the efficiency of security analysts in detecting potential threats.
Saurabh previously helped to co-found log analytics and management vendor Sumo Logic in 2010, which he left in January 2016 to start LogicHub.
"After spending six years at Sumo Logic, one of the things that I saw over and over is that data does not equal visibility," Saurabh told eWEEK.
In his experience, what is required to get value from security data is often a smart cyber-analyst and a team of experienced threat hunters. Given existing market dynamics for security skills, the reality is that it's not likely that every company will have the right people in place to efficiently handle threat detection.
"We started LogicHub a year ago to bring automation to threat detection,"Saurabh said. "Our belief is that if we can automate a lot of the things that analysts do today, we can actually make security teams more productive."
The LogicHub platform uses machine learning algorithms and artificial intelligence methods to help an organization rank potential threats, from data feeds already collected by an organization. Saurabh explained that the LogicHub platform's intelligence is an attempt to replicate the way that the best human cyber analysts in the world work to identify threats.
"What we have built is an architecture that understands what the data is, how to enrich the data and how to prioritize items," Saurabh said. "The architecture has been designed to model really sophisticated workflows."
Many organizations today already have Security Information and Event Manager (SIEM) technology deployed to collect log information. Some SIEM platforms today also provide security analytics capabilities as well. Saurabh emphasized that LogicHub isn't trying to re-invent the SIEM and his company's technology isn't another security analytics product either. The SIEM today is a repository of data and security analytics helps to ask questions about the data.
"True intelligence is about understanding how to explore data and look at it from different angles and how to make a judgement about which events are normal and which are not," Saurabh explained. "That's the true intelligence that is often trapped in a human security analyst's head."
With a typical artificial intelligence system, there is often a required period of training, before the system understands how to act. Saurabh explained that the goal with LogicHub is to have an automated process in place rapidly.
"We are not talking about training the system," Saurabh said. "With automation we're talking something that works, which is the security analyst workflow and running it at machine speed."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.